The host is installed with Apple iTunes before 8.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly inform the user about the origin of an authentication request. Successful exploitation could allow remote podcast servers to trick a user into providing a username and password.